REMARKS 

Applicants respectfully request reconsideration of the present application based on the 
foregoing amendments and the following remarks. This Amendment incorporates and replaces 
the After Final Amendment filed August 15, 2005 that was not entered by the Examiner because 
certain pages of the Amendment were apparently unintelligible due to technical difficulties at the 
Patent Office. By this amendment, claims 2, 21 and 40 have been amended in response to 
objections raised in the Office Action. Accordingly, no new issues are raised and/or issues have 
been reduced for Appeal, and so entry of this amendment is respectfully requested. Upon entry 
of the amendment, claims 1, 2, 4-8, 10-16, 18-21, 23-27, 29-35, 37-40, 43 and 45-51 will remain 
pending in the application. 

Claim Objections 

The Office Action objects to claims 2, 21 and 40 for lacking a subject after the word 
"certain." Applicants have amended the claims to replace the term "certain" with the term 
"certain network elements" and submit that the objections should be removed. 

Claim Rejections Under 35 U.S.C. § 103(a) ! 

Claims 1-2, 4-8, 18-21, 23-27, 37-40, 43 and 45 stand rejected under 35 U.S.C. § 103(a) 
as being obvious over U.S. Patent No. 6,167,517 to Gilchrist ("Gilchrist") in view of U.S. Patent 
No. 6,157,707 to Baulier ("Baulier '707") in view of U.S. Patent No. 6,845,448 to Chaganti 
("Chaganti"). Applicants incorporate and restate prior arguments made in responses to rejections 
made in previous Office Actions. 

Independent Claims 1, 20 and 39 Patentably Define Over Gilchrist, Baulier and Chaganti 
In the Office Action, Claims 1, 20 and 39 stand rejected under 35 U.S.C. 103(a) as 
allegedly being unpatentable over Gilchrist in view of Baulier and further in view of Chaganti. 
Applicants respectfully traverse the rejections. The Office Action acknowledges that Gilchrist- 
Baulier does not teach storing of business rules in a database identified by a company and relies 
on Chaganti in rejecting these claims. However, Applicants submit that Chaganti fails to cure 
the deficiencies of Gilchrist-Baulier, even if, arguendo, one skilled in the art would be led to 
combine the teachings of all three cited references. 
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a. The Alleged Combination of Gilchrist, Baulier and Chaganti Do Not Teach Or 
Suggest All The Limitations Of Independent Claims 1, 20 and 39 

A prima facie case of obviousness under § 103 requires that each and every limitation be 
taught or suggested in the cited prior art. MPEP 2143.03; In re Royka, 490 F.2d 981 (CCPA 1974). 

Claims 1, 20 and 39 1 of the present application require the storing of business rules for a 
plurality of companies having on-line resources , identifying a company associated with a user- 
requested on-line resource from among the plurality of companies and retrieving the stored 
business rules for the identified company . The claims also require a determination of whether 
the request requires authentication in accordance with the stored business rules and enabling the 
request after matching of indicia of physical identification provided by the user, where required. 

The Office Action proposes that a rules database in Chaganti could be combined with 
rule evaluation of Gilchrist-Baulier so that a central authentication system can carry out multiple 
policies for separate companies, and thus rendering the claimed invention obvious. Applicants 
respectfully disagree with many of the bases for this position. 

First, Gilchrist merely teaches an authentication system whereby a user must always 
supply a biometric sample before being granted access to resources on a network. Gilchrist does 
not teach or suggest at least the following steps in claim 1 : 

• storing business rules for a plurality of companies having on-line resources; 

• identifying a company associated with the requested on-line resource from among 
the plurality of companies; 

• retrieving the stored business rules for the identified company; 

• wherein the step of determining whether the request requires authentication 
includes determining whether stored business rules for the identified company 
associated with the requested on-line resource indicates that authentication for the 
user is required 

Baulier merely teaches a fraud management and prevention system wherein selective 
authentication is required based on a fraud score computed for a given request for placing a 



Claim 1 is in method form, and claims 20 and 39 recite similar subject matter in apparatus form. 
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phone call. Accordingly, the alleged combination of Baulier with Gilchrist would still not teach 
or suggest at least the following steps in claim 1: 

• storing business rules for a plurality of companies having on-line resources; 

• identifying a company associated with the requested on-line resource from among 
the plurality of companies; 

• retrieving the stored business rules for the identified company; 

• wherein the step of determining whether the request requires authentication 
includes determining whether stored business rules for the identified company 
associated with the requested on-line resource indicates that authentication for the 
user is required 

Chaganti fails to supply teachings or suggestions sufficient to meet the subject matter 
missing from Gilchrist-Baulier as shown above. 

Chaganti merely teaches an online repository that stores personal information, for a user 
whereby authorized requesters can access the personal information directly from the repository 
upon identification {see col. 2, lines 18-22). The user can associate security classifications with 
various pieces of the user's personal information (see col. 9, line 21-32). Access control lists can 
also be maintained for each level in the security classification (see col. 10, lines 23-29). 

As for providing access to a user's personal information, in one embodiment, requesters 
are identified by accounts maintained by the repository service which provides them access to 
information for individual users upon proper authentication, (col. 10, lines 30-42). In another 
embodiment, a user can authorize an individual requester's access to his/her personal 
information maintained in the repository by providing his/her identifier to the requester, along 
with his/her authorization such as a password (col. 10, lines 43-67). In this case, the requester is 
preauthorized to access the personal information repository and the server need only supply the 
requested information. 

Neither embodiment of Chaganti meets the limitations of the claims that are missing from 
Gilchrist-Baulier. 

In the first embodiment, even if, arguendo, the user's "security classifications" and 
"access control lists" could be considered the claimed "stored business rules," and if the step of 
identifying a company and retrieving business rules for the identified company could be 

Camacho et al. 14 

09/801 ,468 010942-0269936 (AWT-003) 

700060478vl 



considered met when a requester using an account attempts to access a user's personal 
information, 2 at least the following step of claim 1 would not be met: 

wherein the step of determining whether the request requires authentication includes 
determining whether stored business rules for the identified company associated with 
the requested on-line resource indicates that authentication for the user is required 

At least this step is not met because in the first embodiment of Chaganti, the access 
control lists merely determine whether or not a given request for information can be granted 
(after a requester has already logged into his account), and are not used to determine whether 
further authentication is required before the access is granted. Apparently - Chaganti 's 
teachings are very limited and non-enabling in this regard - a given requester can have a 
corresponding "trust" indicator that determines whether they can be granted access to the 
information they seek. For example, if the requester is among "well-known companies," as in 
col. 10, line 27, the requester may be given access to the most secure types of information after 
they have already logged in. This threshold comparison between a "trust" level and a security 
level merely determines whether or not any access is granted at all, does not involve determining 
whether any further authentication is required, as set forth in the clear limitations of the claims. 

In the second embodiment of Chaganti, where the user provides his/her identifier and 
password to the requester, there is no indication that any further authorization or authentication is 
required. It appears that the user is already pre-authorized to obtain all of the user's information, 
and no use of security classifications or access control lists is needed. 

Clearly then, Chaganti merely maintains policies that govern requesting systems' access 
to given pieces of information in a database maintained by the server and never determines 
whether authentication is required for any specific piece of information. Therefore, it is apparent 
that the alleged combination of Chaganti with Gilchrist-Baulier would still not render obvious 
the inventions claimed in Claims 1, 20 and 39. 



Applicants do not concede that these allegations are reasonable. For example, the Office Action takes the 
position that a user's personal information corresponds to an "on-line resource." Applicants do not believe one 
skilled in the art would agree with that interpretation, especially in view of the dependent claims which further 
require network elements to be associated with on-line resources. However, Applicants have applied the Office 
Action's positions herein for the sake of argument to show how they still fail to meet the limitations of the claims. 
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For at least these reasons, amended independent Claims 1, 20 and 39 patentably define 
over Gilchrist, Baulier and Chaganti and Applicants respectfully request withdrawal of the 
rejections of these claims, along with pending claims 2, 4-8, 10-16, 18, 19, 21, 23-27, 29-35, 37, 
38, 40, 43 and 45-5 1 that depend therefrom. 

b. One Skilled In The Art Would Not Have Combined Gilchrist, Baulier and Chaganti 
As Alleged In The Office Action 

Applicants respectfully submit that Gilchrist, Baulier and Chaganti have been improperly 
combined in a hindsight attempt to reconstruct the invention based on the Applicants' disclosure. 
First, Gilchrist, Baulier and Chaganti are from several different fields of endeavor, so one skilled 
in the art of systems for reducing on-line fraud would not be led to consult them all. For 
example, Gilchrist's Client Biometric Authentication system is classified in Class 713, subclass 
186 while Baulier' s Cell Phone Transaction Intervention system is classified Class 379, subclass 
189. 

Moreover, Chaganti merely teaches an On-Line Repository of personal information for a 
number of individuals, which can be accessed by various requestors. One skilled in the art of 
Gilchrist's Client Biomentric Authentication system would not be led to consult Chaganti' s 
teachings for on-line repositories, and vice-versa, because they are aimed at completely different 
problems. Gilchrist is aimed at authenticating access to a service by a plurality of persons, 
whereas Chaganti is aimed at providing access to selected pieces of personal information for a 
plurality of persons by individual requesters. And Baulier merely provides transaction 
intervention for cell phone calls. 

Accordingly, it is respectfully submitted that one skilled in the art would not be 
motivated to combine Gilchrist, Baulier and Chaganti as alleged in the Office Action. 

No Other Cited References Cure The Deficiencies Cited Above 

Claims 2, 4-8, 18-19, 21, 23-27, 37-38, 40, 43 and 45 stand rejected as being obvious 
over Gilchrist-Baulier-Chaganti in view of Blonder and/or Spiegel. These claims depend 
ultimately from amended independent claims 1, 20 and 39 and thus are patentable for at least the 
reasons presented above. The deficiencies noted above are not cured by the alleged combination 
with Blonder and/or Spiegel. Accordingly, the rejections of these claims should be withdrawn. 
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Conclusion 



All objections and rejections having been addressed, and in view of the foregoing, the 
claims are believed to be in form for allowance, and such action is hereby solicited. If any points 
remain in issue which the Examiner feels may be best resolved through a personal or telephone 
interview, the Examiner is kindly requested to contact the undersigned at the telephone number 
listed below. 



Respectfully submitted, 

PILLSBURY WINTHROP SHAW POTMAN LLP 



Date: October 13, 2005 




for Mark J. Danielson Reg. No. 40,580 
(650) 233-4500 

Please reply to customer no. 27,498 
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